CVE-2003-0072
CVSS 5.0
Published: 2003-04-02 00:00:00
Revised: 2008-09-05 16:33:23

[Original] The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").


[CNNVD] MIT Kerberos 5 Principal Name Remote Buffer Overflow Vulnerability (CNNVD-200304-037)

        
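        Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers.
        Kerberos 5 does not correctly handle malformed 'principal' names. A remote attacker can exploit this vulnerability to crash the daemon, resulting in a denial of service.
        The problem lies in the handling of the 'principal' name array: if an attacker supplies a 'principal' name with zero components, or a host-based service 'principal' name that does not contain a host name, the program crashes because of memory corruption. No detailed information about the vulnerability is currently available.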
        

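- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]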

- CPE (Affected Platforms and Products)

cpe:/a:mit:kerberos:5-1.2.7 MIT Kerberos 5 1.2.7
cpe:/a:mit:kerberos:1.0
cpe:/a:mit:kerberos:5-1.3:alpha1 MIT Kerberos 5 1.3 alpha1
cpe:/a:mit:kerberos:5-1.2.1 MIT Kerberos 5 1.2.1
cpe:/a:mit:kerberos:5-1.2.4 MIT Kerberos 5 1.2.4
cpe:/a:mit:kerberos:5_1.1.1 MIT Kerberos 5 1.1.1
cpe:/a:mit:kerberos:5_1.1 MIT Kerberos 5 1.1
cpe:/a:mit:kerberos:5-1.2 MIT Kerberos 5 1.2
cpe:/a:mit:kerberos:5-1.2.2 MIT Kerberos 5 1.2.2
cpe:/a:mit:kerberos:5-1.2.3 MIT Kerberos 5 1.2.3
cpe:/a:mit:kerberos:5-1.2.6 MIT Kerberos 5 1.2.6
cpe:/a:mit:kerberos:1.2.2.beta1
cpe:/a:mit:kerberos:5-1.2.5 MIT Kerberos 5 1.2.5
cpe:/a:mit:kerberos:5_1.0.6 MIT Kerberos 5 1.0.6

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0072
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0072
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-037
(Official data source) CNNVD

- Other Links and Resources

http://www.debian.org/security/2003/dsa-266
(VENDOR_ADVISORY)  DEBIAN  DSA-266
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://www.redhat.com/support/errata/RHSA-2003-052.html
(UNKNOWN)  REDHAT  RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-051.html
(UNKNOWN)  REDHAT  RHSA-2003:051
http://www.securityfocus.com/bid/7184
(UNKNOWN)  BID  7184
http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
(UNKNOWN)  BUGTRAQ  20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
(UNKNOWN)  SUNALERT  54042

- Vulnerability Information

MIT Kerberos 5 Principal Name Remote Buffer Overflow Vulnerability
Medium risk  Boundary condition error
2003-04-02 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patches:
        Debian
        ------
        
        http://www.debian.org/security/2003/dsa-266

        MIT
        ---
        The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
        MIT Patch MITKRB5-SA-2003-005-patch.txt
        
        http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-patch.txt

- Vulnerability Information

4901
MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability Description

Kerberos 5 contains a flaw that may allow an authenticated attacker to perform a remote denial of service. By sending a request with a name containing no components, one or more empty components, or a missing host name, the KDC will read memory past the end of an array, possibly causing it to crash.

- Timeline

2003-03-19 Unknown
Unknown Unknown

- Solution

MIT has released a patch to address this vulnerability. Refer to vendor-specific advisories for updated packages.

- Related References

- Vulnerability Author

- Vulnerability Information

MIT Kerberos 5 Principal Name Buffer Overflow Vulnerability
Boundary Condition Error 7184
Yes No
2003-03-19 12:00:00 2009-07-11 09:06:00
Discovery is credited to Nalin Dahyabhai.

- Affected Software Versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun SEAM 1.0.2
+ Sun Solaris 9_x86
+ Sun Solaris 9
Sun SEAM 1.0.1
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
Sun SEAM 1.0
MIT Kerberos 5 1.3 -alpha1
MIT Kerberos 5 1.2.7
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ RedHat Linux 9.0 i386
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Wirex Immunix OS 7+
MIT Kerberos 5 1.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MIT Kerberos 5 1.2.3
+ Conectiva Linux 8.0
MIT Kerberos 5 1.2.2 -beta1
MIT Kerberos 5 1.2.2
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.1.1
+ Red Hat Linux 6.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
MIT Kerberos 5 1.1
MIT Kerberos 5 1.0.6
MIT Kerberos 5 1.0

- Vulnerability Discussion

Kerberos 5 is prone to a buffer overrun in the principal names array. Entering a malformed principal name will cause the buffer to be overrun. This results in Kerberos failing, and, depending upon the malloc implementation and operating system platform, execution of arbitrary code.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released a security advisory [DSA 266-1] containing fixes for this issue.

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

Sun has released security alert 54042 with fixes to address this issue.

The following fixes are available:


Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 8_x86
Sun Solaris 8_sparc
MIT Kerberos 5 1.0
Sun SEAM 1.0
Sun SEAM 1.0.1
Sun SEAM 1.0.2
MIT Kerberos 5 1.0.6
MIT Kerberos 5 1.1
MIT Kerberos 5 1.1.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2.2
MIT Kerberos 5 1.2.2 -beta1
MIT Kerberos 5 1.2.3
MIT Kerberos 5 1.2.4
MIT Kerberos 5 1.2.5
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.7
MIT Kerberos 5 1.3 -alpha1

- Related References

 

 
